The question of what constitutes a trusted credential in the digital world is relatively new, as the valuable services and interactions that they are required for only started happening online in major volumes within the last decade. The question of how to trust credentials across different jurisdictions, however, is much older. Driver’s licenses are commonly accepted and used as proof of identity, age, address, and for myriad other reasons that often have nothing to do with driving. David Holmes, Identity Management & Security Commercial Director, North America at UL (Underwriters Laboratories) tells Biometric Update that makes extending it into the digital world to continue serving as a generally trusted credential a natural next step.

A consumer providing a mobile driver’s license and a biometric to confirm that it is really their own can essentially replicate the in-person process, but with greater security in spite of the authentication taking place remotely. Making that work, however, involves a lot of planning and coordination, involving a variety of industry and government stakeholders. Those stakeholders having been holding meetings to work towards the establishment of standards and best practices, Holmes says, and a massive opportunity for the biometrics industry looms.

As a public safety testing company with over a hundred years’ experience, including work in authentication and passports, UL’s role is to promote and support the preservation of security, privacy, and interoperability, Holmes says, so that mobile driver’s licenses will work for all of the many stakeholders involved.

“We’re not a solution provider, we don’t have any intention of being a solution provider, but we want solution providers and future solution providers to do things the right way, following the standards, and we’re trying to teach some of the best practices, at least from our perspective, by putting that out into the market,” Holmes explains.

In addition to its work with standards bodies, UL is participating in more proofs-of-concept and pilots, Holmes says. It has also produced a reference mobile driver’s license application for States to allow them to evaluate the concept of MDLs without committing to a certain solution provider.

“The solution is a piece of the puzzle, but the puzzle’s quite complex,” he states. “Where and how a mobile driver’s license credential interacts with systems throughout the state, some of which the state controls, and a lot of which it doesn’t control, is quite important.”

As the standards and best-practices move towards completion, states have already begun working on proof-of-concept and pilots projects of various sizes, with “more than a small handful that are underway or taking shape,” according to Holmes. Getting all 50 states to agree on interoperability standards makes the U.S. uniquely challenging, but as more information and confidence is gained from the early projects, Holmes is confident that the system will be finalized soon, with major roll-outs beginning very soon.

Holmes notes that some states are closely following the leaders to see how successful those initial steps are, and others seem to be monitoring developments so they will not be last. He believes the potential benefits of mobile driver’s licenses for consumers will compel fast action from states, as well as other stakeholders, like biometrics providers.

Those potential benefits include freeing consumers from carrying around the plastic card, increased use across jurisdictions, and more control over what information from the driver’s license is shared, with application-specific exposure. It could also potentially be used for payments, loyalty programs, and for various services that require authentication.

“Once you move this credential to a mobile device, your potential of having a much richer and greater authentication mechanism is greatly expanded,” Homes says.

The use cases will be determined by the market, and he says it is just a matter of time before the capability is expected from citizens. That lends urgency to the push for agreed-upon standards and best practices to set the project on footing to be used often and successfully while keeping biometrics and other sensitive information safe.

“How those credentials are stored has to be considered now, before they’re needed, so that people can implement the systems in a way that ensures the biometric credentials are stored and authenticated securely.”

Again, though solution providers may have a position on how credentials are stored and shared, Holmes says UL does not have a preference for how the required level of assurance is achieved.

“There are lots of down-in-the-weeds nuances that are being debated and talked about,” he reveals, “but I think our guiding principle is privacy protection and security, and as long as those things are top of mind, we’re not necessarily trying to push in one direction or another.”

There is some consensus, however, such as on the need for biometrics to be stored in the secure element of the mobile device. There is also a general awareness of the dangerous precedent set by the financial services industry, which may have inadvertently caused consumers to take lax attitudes towards account compromise by assuming financial responsibility for them, Holmes explains. With the ultimate goal of international MDL acceptance, the identity credential must be very strongly trusted, which makes it a potential opportunity for biometrics providers.

“MDL is a massive opportunity for them, just because of the numbers game that comes into play,” Holmes says. “It’s a massive opportunity that is not far away, because the wave is about ready to start hitting shore.”